Security researchers from Pen Test Partners discovered numerous vulnerabilities in 4G routers from various companies. Their operation allows attackers to gain access to confidential user information and execute commands.Vulnerabilities affect 4G routers of various price categories, from consumer routers and dongles to very expensive devices intended for use in large corporate networks.
Exploiting vulnerabilities (CVE-2019-3411 and CVE-2019-3412) detected in ZTE’s MF920 router allows attackers to gain access to user data or execute arbitrary commands. The latter vulnerability is critical and was rated 9.8 on the CVSS v3 scale.
The following issues were discovered while examining the MF910 and MF65 routers, issues that the vendor will not patch:
- The administrator password can be leaked (pre-authentication).
- One of the (post-authentication) debug endpoints is vulnerable to command injection.
- There’s also a Cross-Site Scripting point in a totally unused “test” page.
“These issues could be chained together to allow arbitrary code to be executed on the router, just by a user visiting a malicious webpage,” — added Pen Test Partners researcher ‘G Richter’.
The Netgear Nighthawk M1 Mobile router affected the CSRF vulnerability (CVE-2019-14526) and the team implementation after authentication vulnerability (CVE-2019-14527), which allowed arbitrary code to be executed on the vulnerable device if “the user set an unreliable password in the web interface”.
Two more vulnerabilities were discovered in the TP-LINK M7350 4G LTE mobile wireless router (CVE-2019-12103 and CVE-2019-12104), the exploitation of them allows executing commands both before and after authentication.
“This vulnerability chain could be easily exploited by an attacker by tricking the device’s users into visiting a maliciously crafted page”, – reports G Richter.
Researchers at Pen Test Partners believe that manufacturers who plan to sell 5G routers are currently selling vulnerable 3G and 4G routers and do not promise any patches in future.